Cybersecurity

Only Google would think it was a good idea to have a Director of Security for Google Apps, Eran Feigenbaum, who is also a professional magician/mentalist. A ValleyWag post first spotlighted this frightening irony/bad joke. 

Let's review what a magician and mentalist does:

• Per Dictionary.com:
  • A "magician" is: "an entertainer who is skilled in producing illusion by sleight of hand, deceptive devices." 
  • A "mentalist" is: "a mind reader, psychic, or fortuneteller." 

Security is very serious business. Given that Google arguably has collected and stored more recent private information... on more people without their meaningful permission... than any entity in the world... one would think that Google would treat security as very serious business too.    

People want real security, not the illusion of security. Security is deadly serious; its not for show.

What is most disturbing about Google's judgment here is that this is not an isolated issue undermining confidence in Google's committment to security; see the other parts of the series on "Why Security is Google's Achilles Heel," to learn how this is part of a broader disturbing pattern of Google not taking security seriously.  

The lead WSJ story today, "Arrest in Epic Cyber Swindle" covering the cybercrime ring theft of over 130 million credit/debit cards, is a stark high-profile reminder of the very real and pervasive Internet problem of lack of cybersecurity. 

• In the face of overwhelming mainstream evidence that lack of cybersecurity is the Internet's #1 problem (see links below), including President Obama's declaration that cybersecurity must be a new national security priority in his 5-29 cybersecurity address, it is perplexing that none of the FCC's National Broadband Plan workshops are on cybersecurity. 
• It is hard to see how the Open Internet's growing security problem can be addressed and mitigated over time, if the U.S. Government's main big picture policy effort addressing the broadband Internet, the National Broadband Plan, does not even collect input from the public or experts on the Internet's #1 problem -- lack of cybersecurity.
• The first step in solving a big problem is acknowledging there is one. 

While the latest net neutrality bill introduced in Congress has no chance of passage as drafted, it is a bay window view into how extreme the net neutrality movement has become and into what they are seeking from the FCC via backdoor regulation.

• The proposed Markey-Eshoo bill, HR 3458, which was drafted in close coordination with FreePress and the Open Internet Coalition, is much more extreme than previous bills in 2008 and 2006.

Why is this bill the most extreme version of net neutrality yet?

First, it is a completely unworkable framework.

• It imposes a beyond-all-reason, effective absolute ban on prioritization of data traffic, essentially eliminating current essential network management flexibility to: protect networks from attack or malware; ensure quality of service; manage congestion, latency, and jitter; and handle unforeseen or emergency situations. Sections: 12(b)(5), 12(b)(6)

• For all practical purposes, it destroys most any private sector incentive or benefit from competing or investing in broadband by outlawing any pricing/business model differentiation/innovation beyond commodity end user pricing. Section 12(b)(2)

It is interesting that since I started this series spotlighting that security is and has been, for all practical and official purposes, a low corporate priority for Google, a Googler now publicly claims: "for Google, there is no higher priority than the safety and security of our users."

• This new public claim was made as part of a press release announcing that Google has joined the board of the National Cyber Security Alliance. 
• While I commend Google for joining the National Cyber Security Alliance, it is telling that none of the relevant official Google corporate links, indicate that security is a high priority for Google: check "Our Philosophy -- Ten Things," "Design Principles," or even "Google's Security Philosophy." 
• We will know when Google makes security a high priority when they actually walk the talk and when their official representation of their corporate priorities (in the main corporate links above) reflect that security has truly become a new higher priority for Google. 

This new claim and development presents a useful opportunity to evaluate Google's stated security philosophy.   

Evidence of the Open Internet's growing security problem only continues to mount. There also appears to be a growing and troubling disconnect between the seriousness of the actual problem and the seriousness of attention paid to the growing Internet security problem.  

• For example, despite President Obama making cybersecurity a national security priority in his cybersecurity address 5-29-09, none of the FCC's 18 currently planned public workshops designed to help develop a National Broadband Plan are on cybersecurity.   

"Twitter, Facebook Sites Disrupted by Web Attack"  WSJ

• "Multiple Internet sites, including popular hangouts Twitter and Facebook, were temporarily disrupted Thursday after they were struck by apparently coordinated computer attacks..."
• "The companies traced the problem to what the computer industry calls "denial-of-service" attacks, which are designed to make sites inaccessible by overwhelming them with a flood of traffic. Though such attacks are fairly routine, simultaneous action against multiple consumer Internet companies is rare."

"Most users clueless about cybersecurity, FBI says" PC World

A central policy question concerning the future of the Internet, cloud computing, and the National Broadband Plan is whether there should be Internet priorities or a priority-less Internet?

• The crux of the grand conflict over the direction of Internet policy is that proponents of a mandated a neutral/open Internet insist that only users can prioritize Internet traffic, not any other entity. 

To grasp the inherent problem and impracticality with a mandated neutral or priority-less Internet, it is helpful to ask if the Internet, which is comprised of hundreds of millions of individual users, has a mutual "hierarchy of needs" just like individuals have a "hierarchy of needs," per Maslow's famed, common sense "Hierarchy of Needs" theory.

New evidence of very serious Internet security problems sheds new light on why Senate Chairman Rockefeller has taken such a forceful leadership role on cybersecurity and why President Obama made increasing cybersecurity a national security priority in his 5-29 cybersecurity address.

• Computerworld reported testimony before a Congressional oversight panel that sensitive details about a Presidential safe house, Presidential motorcade routes, and every U.S. nuclear facility were leaked on the Internet via a LimeWire P2P application. 
• This serious Internet security problem with P2P applications was also the subject of a 2007 U.S. Patent and Trademark Office (PTO) report , which documented the severe security implications of P2P file-sharing programs that commonly have technological features that induce sharing of information that people did not want or expect to be shared.

The continued seriousness of P2P file-sharing breaches have prompted House Oversight Committee Chairman Edolphus Towns "to call for a ban on the use of peer-to-peer (P2P) software on all government and contractor computers and networks," per Computerworld.   

"Security is part of Google's DNA" is Google's slogan to soothe security concerns about its services much like "competition is one click away" is Google's antitrust slogan to soothe antitrust concerns about its dominance. 

While Google claims security is metaphorically in the "DNA" or "genetic code" of their many cloud applications, "DNA" is also Google code for "Do Not Ask."

"Do Not Ask" is Google's unspoken MO -- method of operation.  

"People are not approaching this from the perspective of helping us analyze what the trade-offs are" said FCC Broadband Coordinator Blair Levin about public comments to the National Broadband Plan -- per Multichannel News.  

• Industry's comments have attempted to be very focused on helping the FCC understand and appreciate the many explicit trade-offs involved in this very important proceeding.

A recap of the key trade-offs facing the FCC:

FOR IMMEDIATE RELEASE                                         

July 21, 2009                                                                                          

Contact:  Scott Cleland

703-217-2407

NetCompetition.org Files Reply Comments on National Broadband Plan NOI

Plan should ensure Government & private sector can work together and aren’t at cross-purposes